jedbrown / git-fat

Simple way to handle fat files without committing them to git, supports synchronization using rsync
BSD 2-Clause "Simplified" License
622 stars 136 forks

The safety of fat-store directory using git-fat #63

Open pengyu opened 9 years ago

pengyu commented 9 years ago

How secure is it to use git-fat with other people to manage the repository? In particular, it seems that everybody should have write access to the same fat-store directory. So anyone is able to delete something from fat-store? Is there something like a pull request that allows each person to have their own fat-store directory, yet allows pulling changes from others' fat-store directories?

jedbrown commented 9 years ago

This is a filesystem issue, not a git-fat issue. (From a security perspective, it doesn't matter whether git-fat has an interface, it matters whether the underlying protocol and permissions system supports that operation.) If you would like to prevent other people from deleting your files, you can set the sticky bit. I don't want git-fat to need a custom server (too complicated and more surface area to secure).
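Added example, not part of the original thread and not git-fat's own code: a Python script that audits a shared directory for the deletion risk raised in the question and applies the sticky bit mentioned in the reply. The directory and file names are constructed, and the check for group/other-writable files is an addition made here, because the sticky bit restricts deleting or renaming entries but not overwriting a file's contents.

```python
import os
import stat
import tempfile

WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH


def audit_store(path):
    """Return a list of findings for a shared directory (empty list = none)."""
    findings = []
    mode = os.stat(path).st_mode
    if mode & WRITABLE_BY_OTHERS and not mode & stat.S_ISVTX:
        findings.append("dir: writable by group/other without sticky bit; "
                        "any writer can delete or rename any entry")
    for name in sorted(os.listdir(path)):
        st = os.lstat(os.path.join(path, name))
        # The sticky bit protects directory entries, not file contents.
        if stat.S_ISREG(st.st_mode) and st.st_mode & WRITABLE_BY_OTHERS:
            findings.append(f"{name}: file itself is group/other writable; "
                            "contents can be overwritten in place")
    return findings


def harden_store(path):
    """Set the sticky bit on the directory; drop group/other write on files."""
    os.chmod(path, stat.S_IMODE(os.stat(path).st_mode) | stat.S_ISVTX)
    for name in os.listdir(path):
        full = os.path.join(path, name)
        st = os.lstat(full)
        if stat.S_ISREG(st.st_mode):
            os.chmod(full, stat.S_IMODE(st.st_mode) & ~WRITABLE_BY_OTHERS)


def demo():
    """Constructed case: a throwaway directory standing in for a fat-store."""
    with tempfile.TemporaryDirectory() as store:
        os.chmod(store, 0o775)                 # group-writable, no sticky bit
        obj = os.path.join(store, "object-a")  # constructed file name
        with open(obj, "w") as fh:
            fh.write("large file contents\n")
        os.chmod(obj, 0o664)                   # group may overwrite in place
        before = audit_store(store)
        harden_store(store)
        after = audit_store(store)
        return before, after, stat.S_IMODE(os.stat(store).st_mode)


if __name__ == "__main__":
    before, after, mode = demo()
    print("before:", *before, sep="\n  ")
    print("after:", after, "mode:", oct(mode))
```

After hardening, each contributor can still add files to the directory, but only a file's owner (or the directory owner, or root) can remove or rename it.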

pengyu commented 9 years ago

Would it be better to somehow allow something like a pull request so that each one has its own fat-store repository? If everyone relies on a central fat-store repository, this does not sound consistent with git's decentralization philosophy. Since git-fat is closely related to git, it is better to make it consistent with git in this aspect.

jedbrown commented 9 years ago

This is a separate issue and the reason I want git-fat to have named remotes. We have discussed it a few times.

pengyu commented 9 years ago

OK. When do you think the named remote feature will be added?

jedbrown commented 9 years ago

I can't promise a date, but see PR #28 for recent discussion.